Hello community,
here is the log from the commit of package NetworkManager-l2tp for
openSUSE:Factory checked in at 2023-01-07 17:16:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/NetworkManager-l2tp (Old)
and /work/SRC/openSUSE:Factory/.NetworkManager-l2tp.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "NetworkManager-l2tp"
Sat Jan 7 17:16:01 2023 rev:13 rq:1056305 version:1.20.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/NetworkManager-l2tp/NetworkManager-l2tp.changes
2022-11-15 13:21:02.984684380 +0100
+++
/work/SRC/openSUSE:Factory/.NetworkManager-l2tp.new.1563/NetworkManager-l2tp.changes
2023-01-07 17:16:17.552931116 +0100
@@ -1,0 +2,14 @@
+Wed Jan 4 11:16:10 UTC 2023 - Dirk Müller <[email protected]>
+
+- Update to version 1.20.8:
+ + Fix padding of PPP Options dialog.
+ + Undo PTP peer & ext GW routing prevention workaround first
+ introduced with NetworkManager-l2tp 1.8.4 as workaround no
+ longer works with NetworkManager 1.36. The actual fix should
+ be done in NetworkManager.
+ + Add support for Manual IPv4 configuration options: Address,
+ Netmask and Gateway.
+ + Remove deprecated OpenSSL 3 related code.
+ + Load L2TP kernel modules if NM_L2TP_MODPROBE env variable set.
+
+-------------------------------------------------------------------
@@ -5,3 +19,3 @@
- * Fix for Libreswan 4.9 and later detection.
- * Fix for ipsec-psk-flags setting not being saved.
- * Add getenv NM_L2TP_XL2TPD_MAX_RETRIES to allow setting the
+ + Fix for Libreswan 4.9 and later detection.
+ + Fix for ipsec-psk-flags setting not being saved.
+ + Add getenv NM_L2TP_XL2TPD_MAX_RETRIES to allow setting the
@@ -9 +23 @@
- * Increase IPsec and L2TP daemon wait timeouts for potentially
+ + Increase IPsec and L2TP daemon wait timeouts for potentially
@@ -11 +25 @@
- * Updated translations.
+ + Updated translations.
@@ -13 +27 @@
- * Security fix - properly detect that strongswan CHILD_SA
+ + Security fix - properly detect that strongswan CHILD_SA
@@ -15 +29 @@
- * Fix for libreswan "cannot route template policy" error.
+ + Fix for libreswan "cannot route template policy" error.
@@ -21,2 +35 @@
-- Changes from version 1.20.0:
- * Gtk4 version of the editor plugin is now available (for use
+ + Gtk4 version of the editor plugin is now available (for use
@@ -24 +37 @@
- * Updated translations.
+ + Updated translations.
@@ -35,8 +48,7 @@
-- Changes from version 1.8.6:
- * Support for kl2tpd from Katalix's go-l2tp project added.
- * Support for Multilink PPP added.
- * L2TP ephemeral source port checkbox added.
- * Honors $CHARONDEBUG and $PLUTODEBUG even without --debug
- * intltool for i18n builds no longer required.
- * deprecated libnm-glib/libnm-util code removed.
- * Updated translations.
+ + Support for kl2tpd from Katalix's go-l2tp project added.
+ + Support for Multilink PPP added.
+ + L2TP ephemeral source port checkbox added.
+ + Honors $CHARONDEBUG and $PLUTODEBUG even without --debug
+ + intltool for i18n builds no longer required.
+ + deprecated libnm-glib/libnm-util code removed.
+ + Updated translations.
@@ -51,2 +63 @@
-- Changes from version 1.8.4:
- * Fix for make check warning that prevented RPMs from being
+ + Fix for make check warning that prevented RPMs from being
@@ -55,2 +66 @@
- * Updated translations.
- * Update strings for new dialog design in gnome-shell.
+ + Update strings for new dialog design in gnome-shell.
@@ -58,3 +68,3 @@
- * Use /usr/share/metainfo for AppData files.
- * Move D-Bus policy file to /usr/share/dbus-1/system.d/.
- * Add --with-nm-ipsec-nss-dir configure switch for Libreswan NSS
+ + Use /usr/share/metainfo for AppData files.
+ + Move D-Bus policy file to /usr/share/dbus-1/system.d/.
+ + Add --with-nm-ipsec-nss-dir configure switch for Libreswan NSS
@@ -62,7 +72,5 @@
- * Do not add broken route to VPN gateway IP address.
- * Add back import/export capability.
- * update default PPPD_PLUGIN_DIR to ${libdir}/pppd/2.4.8.
- * Fix for user certificate password flags for connection editor.
- - Changes from version 1.8.0:
- * Fixes for user certificate support.
- * Provide --enable-libreswan-dh2 configure switch for older
+ + Do not add broken route to VPN gateway IP address.
+ + Add back import/export capability.
+ + Fix for user certificate password flags for connection editor.
+ + Fixes for user certificate support.
+ + Provide --enable-libreswan-dh2 configure switch for older
@@ -70 +78,3 @@
- * KDE plasma-nm compatibility for "Gateway ID".
+ + KDE plasma-nm compatibility for "Gateway ID".
+ + Updated translations.
+- Update default PPPD_PLUGIN_DIR to %{_libdir}/pppd/2.4.8.
@@ -90,4 +100,4 @@
- * User and machine TLS certificate support.
- * New dependency on OpenSSL's libcrypto (>= 1.1.0).
- * New dependency on Network Security Services (NSS) libraries.
- * Routines to auto detect the TLS certificate and private key
+ + User and machine TLS certificate support.
+ + New dependency on OpenSSL's libcrypto (>= 1.1.0).
+ + New dependency on Network Security Services (NSS) libraries.
+ + Routines to auto detect the TLS certificate and private key
@@ -98 +108 @@
- * Routines to import certificates and privates keys into a
+ + Routines to import certificates and privates keys into a
@@ -100 +110 @@
- * Grey out the auth type selection for user authentication if
+ + Grey out the auth type selection for user authentication if
@@ -103,7 +113 @@
- * Updated translations.
-- Changes from version 1.2.10:
- * Updated translations.
- * Remove "Prevalent Algorithms" button, override default
- algorithms. The phase 1 & 2 proposals previously provided by
- the Prevalent Algorithms button are now the new defaults for
- the IKEv1 proposals.
+ + Updated translations.
@@ -116,2 +120,2 @@
- * Changed Legacy Proposal button to Prevalent Algorithms button.
- * Prevalent Algorithms button populates Phase 1 and 2 Algorithm
+ + Changed Legacy Proposal button to Prevalent Algorithms button.
+ + Prevalent Algorithms button populates Phase 1 and 2 Algorithm
@@ -120,2 +124,2 @@
- * Added use IKEv2 key exchange option.
- * Improved debugging output for Libreswan and strongSwan.
+ + Added use IKEv2 key exchange option.
+ + Improved debugging output for Libreswan and strongSwan.
@@ -126 +130 @@
- * Gray out "IPsec Settings..." button if neither Libreswan nor
+ + Gray out "IPsec Settings..." button if neither Libreswan nor
@@ -128 +132 @@
- * Updated translations.
+ + Updated translations.
@@ -134,5 +138,4 @@
- * Updated translations.
- * Added Legacy Proposal button.
- * Added extra IPsec configuration options.
- * renamed Gateway ID to Remote ID.
- * Use /etc/ipsec.d/ipsec.nm-l2tp.secrets instead of
+ + Added Legacy Proposal button.
+ + Added extra IPsec configuration options.
+ + renamed Gateway ID to Remote ID.
+ + Use /etc/ipsec.d/ipsec.nm-l2tp.secrets instead of
@@ -140,3 +143,3 @@
- * PSK is now Base64 encoded.
- * Legacy KDE Plasma-nm user certificate support.
- * libnm-glib compatibility (NetworkManager < 1.0) is disabled by
+ + PSK is now Base64 encoded.
+ + Legacy KDE Plasma-nm user certificate support.
+ + libnm-glib compatibility (NetworkManager < 1.0) is disabled by
@@ -143,0 +147 @@
+ + Updated translations.
@@ -145 +149 @@
- * Point version 1.2.10 appdata image URIs to nm-1-2 github
+ + Point version 1.2.10 appdata image URIs to nm-1-2 github
@@ -147 +151 @@
- * Corrected force UDP encapsulation toggle button behavior.
+ + Corrected force UDP encapsulation toggle button behavior.
@@ -149 +153 @@
- project being renamed from network-manaager-l2tp to
+ project being renamed from network-manager-l2tp to
@@ -155,2 +159,2 @@
-- Delete any transient nm-l2rp-ipsec-*.secrets files previously
- generated by versions <= 1.2.10 in %%pre section.
+- Delete any transient nm-l2rp-ipsec-+.secrets files previously
+ generated by versions <= 1.2.10 in %pre section.
@@ -186,2 +190,2 @@
- * Updated translations.
- * Stops strongSwan service when a connection cannot be
+ + Updated translations.
+ + Stops strongSwan service when a connection cannot be
@@ -190,2 +194,2 @@
- * Prefer building against stable libsecret API.
- * If L2TP port 1701 is already in use, no longer writes
+ + Prefer building against stable libsecret API.
+ + If L2TP port 1701 is already in use, no longer writes
@@ -196 +200 @@
- * Split libnm-vpn-plugin-pptp.so into a GTK-free core plugin
+ + Split libnm-vpn-plugin-pptp.so into a GTK-free core plugin
@@ -200 +204 @@
- * runtime test for strongwan or libreswan no longer performed if
+ + runtime test for strongwan or libreswan no longer performed if
@@ -203 +207 @@
- * NetworkManager 1.1.x and 1.2.0 support
+ + NetworkManager 1.1.x and 1.2.0 support
@@ -212,2 +216,2 @@
- * Updated translations.
- * Stops strongSwan service when a connection cannot be
+ + Updated translations.
+ + Stops strongSwan service when a connection cannot be
@@ -215 +219 @@
- * sets phase 1 (ike) and phase 2 (esp) ciphers for strongswan to
+ + sets phase 1 (ike) and phase 2 (esp) ciphers for strongswan to
@@ -218 +222 @@
- * If L2TP port 1701 is already in use, no longer writes
+ + If L2TP port 1701 is already in use, no longer writes
@@ -222,3 +226,3 @@
- * Uses UUID instead of PID for run-time generated filenames
- * No longer temporarily replaces system /etc/ipsec.secrets file
- * IPsec rekeying is now possible because the following file
+ + Uses UUID instead of PID for run-time generated filenames
++++ 63 more lines (skipped)
++++ between
/work/SRC/openSUSE:Factory/NetworkManager-l2tp/NetworkManager-l2tp.changes
++++ and
/work/SRC/openSUSE:Factory/.NetworkManager-l2tp.new.1563/NetworkManager-l2tp.changes
Old:
----
NetworkManager-l2tp-1.20.6.tar.xz
New:
----
NetworkManager-l2tp-1.20.8.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ NetworkManager-l2tp.spec ++++++
--- /var/tmp/diff_new_pack.YjFpmU/_old 2023-01-07 17:16:17.960933549 +0100
+++ /var/tmp/diff_new_pack.YjFpmU/_new 2023-01-07 17:16:17.968933597 +0100
@@ -1,7 +1,7 @@
#
# spec file for package NetworkManager-l2tp
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define pppd_plugin_dir %(rpm -ql ppp | grep -m1 pppd/[0-9]*)
Name: NetworkManager-l2tp
-Version: 1.20.6
+Version: 1.20.8
Release: 0
Summary: NetworkManager VPN support for L2TP and L2TP/IPsec
License: GPL-2.0-or-later
++++++ NetworkManager-l2tp-1.20.6.tar.xz -> NetworkManager-l2tp-1.20.8.tar.xz
++++++
++++ 2268 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/NEWS new/NetworkManager-l2tp-1.20.8/NEWS
--- old/NetworkManager-l2tp-1.20.6/NEWS 2022-10-29 03:58:47.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/NEWS 2022-12-29 06:39:48.000000000 +0100
@@ -1,4 +1,19 @@
==========================================================
+NetworkManager-l2tp-1.20.8
+Overview of changes since NetworkManager-l2tp-1.20.6
+==========================================================
+
+Changes:
+* Fix padding of PPP Options dialog.
+* Undo PTP peer & ext GW routing prevention workaround first introduced
+ with NetworkManager-l2tp 1.8.4 as workaround no longer works with
+ NetworkManager 1.36. The actial fix should be done in NetworkManager.
+* Add support for Manual IPv4 configuration options:
+ Address, Netmask and Gateway.
+* Remove deprecated OpenSSL 3 related code
+* Load L2TP kernel modules if NM_L2TP_MODPROBE env variable set.
+
+==========================================================
NetworkManager-l2tp-1.20.6
Overview of changes since NetworkManager-l2tp-1.20.4
==========================================================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/appdata/network-manager-l2tp.metainfo.xml
new/NetworkManager-l2tp-1.20.8/appdata/network-manager-l2tp.metainfo.xml
--- old/NetworkManager-l2tp-1.20.6/appdata/network-manager-l2tp.metainfo.xml
2022-10-29 04:32:16.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/appdata/network-manager-l2tp.metainfo.xml
2022-12-29 10:18:50.000000000 +0100
@@ -27,17 +27,17 @@
</description>
<screenshots>
<screenshot type="default">
- <image width="800"
height="608">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.6/appdata/l2tp.png</image>
+ <image width="800"
height="608">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.8/appdata/l2tp.png</image>
</screenshot>
<screenshot type="default">
<caption>The IPsec options dialog</caption>
<caption xml:lang="ru">Ðиалоговое окно наÑÑÑойки
паÑамеÑÑов IPsec</caption>
- <image width="800"
height="595">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.6/appdata/l2tp-ipsec.png</image>
+ <image width="800"
height="595">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.8/appdata/l2tp-ipsec.png</image>
</screenshot>
<screenshot type="default">
<caption>The PPP options dialog</caption>
<caption xml:lang="ru">Ðиалоговое окно наÑÑÑойки
паÑамеÑÑов PPP</caption>
- <image width="800"
height="738">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.6/appdata/l2tp-ppp.png</image>
+ <image width="800"
height="738">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.8/appdata/l2tp-ppp.png</image>
</screenshot>
</screenshots>
<url type="homepage">https://github.com/nm-l2tp/NetworkManager-l2tp</url>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/appdata/network-manager-l2tp.metainfo.xml.in
new/NetworkManager-l2tp-1.20.8/appdata/network-manager-l2tp.metainfo.xml.in
--- old/NetworkManager-l2tp-1.20.6/appdata/network-manager-l2tp.metainfo.xml.in
2022-10-29 03:28:58.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/appdata/network-manager-l2tp.metainfo.xml.in
2022-12-29 06:39:11.000000000 +0100
@@ -26,17 +26,17 @@
<screenshots>
<screenshot type="default">
- <image width="800"
height="608">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.6/appdata/l2tp.png</image>
+ <image width="800"
height="608">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.8/appdata/l2tp.png</image>
</screenshot>
<screenshot type="default">
<caption>The IPsec options dialog</caption>
- <image width="800"
height="595">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.6/appdata/l2tp-ipsec.png</image>
+ <image width="800"
height="595">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.8/appdata/l2tp-ipsec.png</image>
</screenshot>
<screenshot type="default">
<caption>The PPP options dialog</caption>
- <image width="800"
height="738">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.6/appdata/l2tp-ppp.png</image>
+ <image width="800"
height="738">https://raw.githubusercontent.com/nm-l2tp/NetworkManager-l2tp/1.20.8/appdata/l2tp-ppp.png</image>
</screenshot>
</screenshots>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/configure.ac
new/NetworkManager-l2tp-1.20.8/configure.ac
--- old/NetworkManager-l2tp-1.20.6/configure.ac 2022-10-29 04:04:38.000000000
+0200
+++ new/NetworkManager-l2tp-1.20.8/configure.ac 2022-12-29 06:43:55.000000000
+0100
@@ -1,7 +1,7 @@
AC_PREREQ([2.69])
AC_INIT([NetworkManager-l2tp],
- [1.20.6],
+ [1.20.8],
[https://github.com/nm-l2tp/NetworkManager-l2tp/issues],
[NetworkManager-l2tp])
AM_INIT_AUTOMAKE([1.9 foreign no-dist-gzip dist-xz -Wno-portability])
@@ -183,13 +183,15 @@
GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_40"
GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_40"
+if test x"$with_gnome" != xno || test x"$with_gtk4" != xno; then
+ PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)
+fi
+
if test x"$with_gnome" != xno; then
PKG_CHECK_MODULES(GTK, gtk+-3.0 >= 3.16)
GTK_CFLAGS="$GTK_CFLAGS -DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_16"
GTK_CFLAGS="$GTK_CFLAGS -DGDK_VERSION_MAX_ALLOWED=GDK_VERSION_3_16"
-
PKG_CHECK_MODULES(LIBNMA, libnma >= 1.8.0)
- PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)
fi
if test x"$with_gtk4" != xno; then
Binary files old/NetworkManager-l2tp-1.20.6/po/ar.gmo and
new/NetworkManager-l2tp-1.20.8/po/ar.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/as.gmo and
new/NetworkManager-l2tp-1.20.8/po/as.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/be.gmo and
new/NetworkManager-l2tp-1.20.8/po/be.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/[email protected] and
new/NetworkManager-l2tp-1.20.8/po/[email protected] differ
Binary files old/NetworkManager-l2tp-1.20.6/po/bg.gmo and
new/NetworkManager-l2tp-1.20.8/po/bg.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/bn_IN.gmo and
new/NetworkManager-l2tp-1.20.8/po/bn_IN.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/bs.gmo and
new/NetworkManager-l2tp-1.20.8/po/bs.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ca.gmo and
new/NetworkManager-l2tp-1.20.8/po/ca.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/[email protected] and
new/NetworkManager-l2tp-1.20.8/po/[email protected] differ
Binary files old/NetworkManager-l2tp-1.20.6/po/cs.gmo and
new/NetworkManager-l2tp-1.20.8/po/cs.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/da.gmo and
new/NetworkManager-l2tp-1.20.8/po/da.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/de.gmo and
new/NetworkManager-l2tp-1.20.8/po/de.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/dz.gmo and
new/NetworkManager-l2tp-1.20.8/po/dz.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/el.gmo and
new/NetworkManager-l2tp-1.20.8/po/el.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/en_GB.gmo and
new/NetworkManager-l2tp-1.20.8/po/en_GB.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/eo.gmo and
new/NetworkManager-l2tp-1.20.8/po/eo.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/es.gmo and
new/NetworkManager-l2tp-1.20.8/po/es.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/et.gmo and
new/NetworkManager-l2tp-1.20.8/po/et.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/eu.gmo and
new/NetworkManager-l2tp-1.20.8/po/eu.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/fa.gmo and
new/NetworkManager-l2tp-1.20.8/po/fa.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/fi.gmo and
new/NetworkManager-l2tp-1.20.8/po/fi.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/fr.gmo and
new/NetworkManager-l2tp-1.20.8/po/fr.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/fur.gmo and
new/NetworkManager-l2tp-1.20.8/po/fur.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/gl.gmo and
new/NetworkManager-l2tp-1.20.8/po/gl.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/gu.gmo and
new/NetworkManager-l2tp-1.20.8/po/gu.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/he.gmo and
new/NetworkManager-l2tp-1.20.8/po/he.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/hr.gmo and
new/NetworkManager-l2tp-1.20.8/po/hr.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/hu.gmo and
new/NetworkManager-l2tp-1.20.8/po/hu.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/id.gmo and
new/NetworkManager-l2tp-1.20.8/po/id.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/it.gmo and
new/NetworkManager-l2tp-1.20.8/po/it.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ja.gmo and
new/NetworkManager-l2tp-1.20.8/po/ja.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ka.gmo and
new/NetworkManager-l2tp-1.20.8/po/ka.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/kn.gmo and
new/NetworkManager-l2tp-1.20.8/po/kn.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ko.gmo and
new/NetworkManager-l2tp-1.20.8/po/ko.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/lt.gmo and
new/NetworkManager-l2tp-1.20.8/po/lt.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/lv.gmo and
new/NetworkManager-l2tp-1.20.8/po/lv.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/mk.gmo and
new/NetworkManager-l2tp-1.20.8/po/mk.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/mr.gmo and
new/NetworkManager-l2tp-1.20.8/po/mr.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/nb.gmo and
new/NetworkManager-l2tp-1.20.8/po/nb.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/nl.gmo and
new/NetworkManager-l2tp-1.20.8/po/nl.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/oc.gmo and
new/NetworkManager-l2tp-1.20.8/po/oc.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/or.gmo and
new/NetworkManager-l2tp-1.20.8/po/or.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/pa.gmo and
new/NetworkManager-l2tp-1.20.8/po/pa.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/pl.gmo and
new/NetworkManager-l2tp-1.20.8/po/pl.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ps.gmo and
new/NetworkManager-l2tp-1.20.8/po/ps.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/pt.gmo and
new/NetworkManager-l2tp-1.20.8/po/pt.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/pt_BR.gmo and
new/NetworkManager-l2tp-1.20.8/po/pt_BR.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ro.gmo and
new/NetworkManager-l2tp-1.20.8/po/ro.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ru.gmo and
new/NetworkManager-l2tp-1.20.8/po/ru.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/sk.gmo and
new/NetworkManager-l2tp-1.20.8/po/sk.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/sl.gmo and
new/NetworkManager-l2tp-1.20.8/po/sl.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/sr.gmo and
new/NetworkManager-l2tp-1.20.8/po/sr.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/[email protected] and
new/NetworkManager-l2tp-1.20.8/po/[email protected] differ
Binary files old/NetworkManager-l2tp-1.20.6/po/sv.gmo and
new/NetworkManager-l2tp-1.20.8/po/sv.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ta.gmo and
new/NetworkManager-l2tp-1.20.8/po/ta.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/te.gmo and
new/NetworkManager-l2tp-1.20.8/po/te.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/th.gmo and
new/NetworkManager-l2tp-1.20.8/po/th.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/tr.gmo and
new/NetworkManager-l2tp-1.20.8/po/tr.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/ug.gmo and
new/NetworkManager-l2tp-1.20.8/po/ug.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/uk.gmo and
new/NetworkManager-l2tp-1.20.8/po/uk.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/vi.gmo and
new/NetworkManager-l2tp-1.20.8/po/vi.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/zh_CN.gmo and
new/NetworkManager-l2tp-1.20.8/po/zh_CN.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/zh_HK.gmo and
new/NetworkManager-l2tp-1.20.8/po/zh_HK.gmo differ
Binary files old/NetworkManager-l2tp-1.20.6/po/zh_TW.gmo and
new/NetworkManager-l2tp-1.20.8/po/zh_TW.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/properties/ipsec-dialog.c
new/NetworkManager-l2tp-1.20.8/properties/ipsec-dialog.c
--- old/NetworkManager-l2tp-1.20.6/properties/ipsec-dialog.c 2022-05-30
14:02:02.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/properties/ipsec-dialog.c 2022-12-25
06:40:10.000000000 +0100
@@ -180,8 +180,6 @@
* connection (CA cert, cert, private key).
**/
- crypto_init_openssl();
-
fname = nma_cert_chooser_get_cert(this, NULL);
if (fname)
dirname = g_path_get_dirname(fname);
@@ -241,7 +239,6 @@
g_free(ca_cert_fname);
g_free(cert_fname);
g_free(key_fname);
- crypto_deinit_openssl();
}
static void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/properties/nm-l2tp-dialog.ui
new/NetworkManager-l2tp-1.20.8/properties/nm-l2tp-dialog.ui
--- old/NetworkManager-l2tp-1.20.6/properties/nm-l2tp-dialog.ui 2022-04-15
11:22:04.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/properties/nm-l2tp-dialog.ui 2022-11-19
02:11:56.000000000 +0100
@@ -1195,6 +1195,10 @@
<object class="GtkBox" id="dialog-vbox2">
<property name="visible">True</property>
<property name="can_focus">False</property>
+ <property name="margin_start">10</property>
+ <property name="margin_end">10</property>
+ <property name="margin_top">10</property>
+ <property name="margin_bottom">10</property>
<property name="orientation">vertical</property>
<property name="spacing">2</property>
<child internal-child="action_area">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/properties/nm-l2tp-editor.c
new/NetworkManager-l2tp-1.20.8/properties/nm-l2tp-editor.c
--- old/NetworkManager-l2tp-1.20.6/properties/nm-l2tp-editor.c 2022-03-09
10:04:26.000000000 +0100
+++ new/NetworkManager-l2tp-1.20.8/properties/nm-l2tp-editor.c 2022-12-25
06:40:10.000000000 +0100
@@ -102,8 +102,6 @@
* connection (CA cert, cert, private key).
**/
- crypto_init_openssl();
-
fname = nma_cert_chooser_get_cert(this, NULL);
if (fname)
dirname = g_path_get_dirname(fname);
@@ -164,7 +162,6 @@
g_free(ca_cert_fname);
g_free(cert_fname);
g_free(key_fname);
- crypto_deinit_openssl();
}
static void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/shared/nm-l2tp-crypto-openssl.c
new/NetworkManager-l2tp-1.20.8/shared/nm-l2tp-crypto-openssl.c
--- old/NetworkManager-l2tp-1.20.6/shared/nm-l2tp-crypto-openssl.c
2021-10-10 13:17:52.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/shared/nm-l2tp-crypto-openssl.c
2022-12-25 06:40:10.000000000 +0100
@@ -22,30 +22,6 @@
#define PEM_ECDSA_KEY_BEGIN "-----BEGIN EC PRIVATE KEY-----"
#define PEM_ENCRYPTED "Proc-Type: 4,ENCRYPTED"
-static gboolean initialized = FALSE;
-
-gboolean
-crypto_init_openssl(void)
-{
- if (initialized)
- return TRUE;
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- initialized = TRUE;
- return TRUE;
-}
-
-void
-crypto_deinit_openssl(void)
-{
- if (initialized) {
- EVP_cleanup();
- initialized = FALSE;
- }
-}
-
static GByteArray *
file_to_g_byte_array(const char *filename, GError **error)
{
@@ -69,10 +45,6 @@
X509_SIG * p8;
PKCS8_PRIV_KEY_INFO * p8inf;
PKCS12 * p12;
- RSA * rsa;
- DSA * dsa;
- EC_KEY * ecdsa;
- gsize taglen = 0;
if (out_need_password != NULL) {
*out_need_password = FALSE;
@@ -159,93 +131,6 @@
goto out;
}
- /* try unencrypted traditional OpenSSL RSA PrivateKey PEM */
- BIO_reset(in);
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL, "");
- if (rsa) {
- RSA_free(rsa);
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_PEM;
- goto out;
- }
-
-#ifndef OPENSSL_NO_DSA
- /* try unencrypted traditional OpenSSL DSA PrivateKey PEM */
- BIO_reset(in);
- dsa = PEM_read_bio_DSAPrivateKey(in, NULL, NULL, "");
- if (dsa) {
- DSA_free(dsa);
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_PEM;
- goto out;
- }
-#endif
-
-#ifndef OPENSSL_NO_EC
- /* try unencrypted traditional OpenSSL ECDSA PrivateKey PEM */
- BIO_reset(in);
- ecdsa = PEM_read_bio_ECPrivateKey(in, NULL, NULL, "");
- if (ecdsa) {
- EC_KEY_free(ecdsa);
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_PEM;
- goto out;
- }
-#endif
-
- /* try encrypted traditional OpenSSL RSA, DSA and ECDA PrivateKeys PEM */
- if (array->len > 80) {
- if (memcmp(array->data, PEM_RSA_KEY_BEGIN, taglen =
strlen(PEM_RSA_KEY_BEGIN)) == 0)
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_PEM;
- else if (memcmp(array->data, PEM_DSA_KEY_BEGIN, taglen =
strlen(PEM_DSA_KEY_BEGIN)) == 0)
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_PEM;
- else if (memcmp(array->data, PEM_ECDSA_KEY_BEGIN, taglen =
strlen(PEM_ECDSA_KEY_BEGIN))
- == 0)
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_PEM;
-
- if (file_format != NM_L2TP_CRYPTO_FILE_FORMAT_UNKNOWN) {
- if (memcmp(array->data + taglen + 1, PEM_ENCRYPTED,
strlen(PEM_ENCRYPTED)) == 0
- || memcmp(array->data + taglen + 2, PEM_ENCRYPTED,
strlen(PEM_ENCRYPTED)) == 0) {
- if (out_need_password != NULL)
- *out_need_password = TRUE;
- }
- }
- }
-
- /**
- * Note: There is no such thing as encrypted traditional OpenSSL
- * DER PrivateKeys, as OpenSSL never provided functions in the API.
- * For DER there is only unencrypted traditional OpenSSL PrivateKeys.
- **/
-
- /* try traditional OpenSSL RSA PrivateKey DER */
- BIO_reset(in);
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- if (rsa) {
- RSA_free(rsa);
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_DER;
- goto out;
- }
-
-#ifndef OPENSSL_NO_DSA
- /* try traditional OpenSSL DSA PrivateKey DER */
- BIO_reset(in);
- dsa = d2i_DSAPrivateKey_bio(in, NULL);
- if (dsa) {
- DSA_free(dsa);
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_DER;
- goto out;
- }
-#endif
-
-#ifndef OPENSSL_NO_EC
- /* try DER ECDSA */
- BIO_reset(in);
- ecdsa = d2i_ECPrivateKey_bio(in, NULL);
- if (ecdsa) {
- EC_KEY_free(ecdsa);
- file_format = NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_DER;
- goto out;
- }
-#endif
-
out:
BIO_free(in);
g_byte_array_free(array, TRUE);
@@ -313,6 +198,15 @@
sk_X509_pop_free(ca, X509_free);
EVP_PKEY_free(pkey);
+ if (cert == NULL) {
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _("Error obtaining certificate from PKCS#12 file '%s'."),
+ p12_filename);
+ return;
+ }
+
name = X509_get_subject_name(cert);
if (name == NULL) {
g_set_error(error,
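Review bot: The new `cert == NULL` branch reports `NM_CRYPTO_ERROR_DECRYPTION_FAILED`, although by this point the PKCS#12 container has presumably already been parsed, so a bundle that carries no certificate would be presented to the user as a decryption (wrong password) problem. If callers distinguish the codes, `NM_CRYPTO_ERROR_INVALID_DATA` describes the case better. The placement is right, after `sk_X509_pop_free(ca, X509_free)` and `EVP_PKEY_free(pkey)` and before `X509_get_subject_name(cert)` dereferences the pointer; a short comment such as `/* PKCS#12 parsed, but it contained no certificate */` would record why the guard exists. Whether `p12` has been released before this early `return` is not visible, because the function starts and ends outside the hunk.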
@@ -634,16 +528,17 @@
}
PKCS12_free(p12);
- if (pkey) {
- if ((fp = g_fopen(pkey_out_filename, "w")) == NULL) {
- g_set_error(error,
- G_FILE_ERROR,
- g_file_error_from_errno(errno),
- _("Could not write '%s' : %s"),
- pkey_out_filename,
- g_strerror(errno));
- return FALSE;
- }
+ if ((fp = g_fopen(pkey_out_filename, "w")) == NULL) {
+ g_set_error(error,
+ G_FILE_ERROR,
+ g_file_error_from_errno(errno),
+ _("Could not write '%s' : %s"),
+ pkey_out_filename,
+ g_strerror(errno));
+ return FALSE;
+ }
+
+ if (fp && pkey) {
if (password && strlen(password) == 0)
password = NULL;
if (password)
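Review bot: `g_fopen(pkey_out_filename, "w")` creates the private-key file with whatever mode the process umask allows, and when `password` is reset to NULL the key is then written unencrypted by `PEM_write_PKCS8PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL)` in the next hunk. Unless the caller sets a restrictive umask or fixes the permissions outside this hunk, the file should be created owner-only before any key material reaches it, as in the sketch below. Because the open is now unconditional, the key file is also created or truncated when `pkey` is NULL, and the `fp &&` tests added here and in the two following hunks are always true after the early `return FALSE`. `pkey`, `cert` and `ca` appear to be still owned by this function at that return; their release is outside the hunk, so confirm they are not leaked.

```c
/* Create the key file owner-only; the mode applies only when the file is
 * newly created, so a pre-existing file keeps its old permissions. */
int fd = g_open(pkey_out_filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
if (fd < 0 || (fp = fdopen(fd, "w")) == NULL) {
    int saved_errno = errno;

    if (fd >= 0)
        close(fd);
    g_set_error(error,
                G_FILE_ERROR,
                g_file_error_from_errno(saved_errno),
                _("Could not write '%s' : %s"),
                pkey_out_filename,
                g_strerror(saved_errno));
    return FALSE;
}

if (pkey) {
    /* … unchanged: password handling and PEM_write_PKCS8PrivateKey calls … */
```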
@@ -658,7 +553,7 @@
PEM_write_PKCS8PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
}
- if (cert) {
+ if (fp && cert) {
if ((fp = g_freopen(cert_out_filename, "w", fp)) == NULL) {
g_set_error(error,
G_FILE_ERROR,
@@ -671,7 +566,7 @@
PEM_write_X509(fp, cert);
}
- if (ca && sk_X509_num(ca)) {
+ if (fp && ca && sk_X509_num(ca)) {
if ((fp = g_freopen(ca_out_filename, "w", fp)) == NULL) {
g_set_error(error,
G_FILE_ERROR,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/shared/nm-l2tp-crypto-openssl.h
new/NetworkManager-l2tp-1.20.8/shared/nm-l2tp-crypto-openssl.h
--- old/NetworkManager-l2tp-1.20.6/shared/nm-l2tp-crypto-openssl.h
2021-10-07 13:50:33.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/shared/nm-l2tp-crypto-openssl.h
2022-12-25 06:40:10.000000000 +0100
@@ -13,17 +13,8 @@
NM_L2TP_CRYPTO_FILE_FORMAT_X509_PEM,
NM_L2TP_CRYPTO_FILE_FORMAT_PKCS8_DER,
NM_L2TP_CRYPTO_FILE_FORMAT_PKCS8_PEM,
- NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_DER,
- NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_PEM,
- NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_DER,
- NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_PEM,
- NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_DER,
- NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_PEM,
} NML2tpCryptoFileFormat;
-gboolean crypto_init_openssl(void);
-void crypto_deinit_openssl(void);
-
NML2tpCryptoFileFormat
crypto_file_format(const char *filename, gboolean *out_need_password, GError
**error);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/src/nm-l2tp-pppd-plugin.c
new/NetworkManager-l2tp-1.20.8/src/nm-l2tp-pppd-plugin.c
--- old/NetworkManager-l2tp-1.20.6/src/nm-l2tp-pppd-plugin.c 2022-05-01
09:26:47.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/src/nm-l2tp-pppd-plugin.c 2022-12-03
00:42:47.000000000 +0100
@@ -146,13 +146,10 @@
static void
nm_ip_up(void *data, int arg)
{
+ guint32 pppd_made_up_address = htonl (0x0a404040 + ifunit);
ipcp_options opts = ipcp_gotoptions[0];
ipcp_options peer_opts = ipcp_hisoptions[0];
- ipcp_options want_opts = ipcp_wantoptions[0];
GVariantBuilder builder;
- guint32 pppd_made_up_address = htonl(0x0a404040 + ifunit);
- guint32 ext_gw_address = want_opts.hisaddr;
- guint32 ptp_address = 0;
g_return_if_fail(G_IS_DBUS_PROXY(gl.proxy));
@@ -181,22 +178,21 @@
* and if that's not right, use the made-up address as a last resort.
*/
if (peer_opts.hisaddr && (peer_opts.hisaddr != pppd_made_up_address)) {
- ptp_address = peer_opts.hisaddr;
- } else if (opts.hisaddr) {
- ptp_address = opts.hisaddr;
+ g_variant_builder_add(&builder,
+ "{sv}",
+ NM_VPN_PLUGIN_IP4_CONFIG_PTP,
+ g_variant_new_uint32 (peer_opts.hisaddr));
+ } else if (opts.hisaddr){
+ g_variant_builder_add(&builder,
+ "{sv}",
+ NM_VPN_PLUGIN_IP4_CONFIG_PTP,
+ g_variant_new_uint32 (opts.hisaddr));
} else if (peer_opts.hisaddr == pppd_made_up_address) {
/* As a last resort, use the made-up address */
- ptp_address = peer_opts.ouraddr;
- }
-
- /* Prevent NetworkManager < 1.36 adding route to PTP peer address if it
- * is also the VPN external gateway address.
- */
- if (ptp_address && ptp_address != ext_gw_address) {
g_variant_builder_add(&builder,
"{sv}",
NM_VPN_PLUGIN_IP4_CONFIG_PTP,
- g_variant_new_uint32(ptp_address));
+ g_variant_new_uint32(peer_opts.ouraddr));
}
g_variant_builder_add(&builder,
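Review bot: All three branches now carry the same `g_variant_builder_add(&builder, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_PTP, ...)` call and differ only in the address, so choosing the address first and adding it once after the chain would be shorter. It would also avoid the mixed spacing introduced here (`g_variant_new_uint32 (` and `){` differ from the surrounding lines). With the removed guard gone, the PTP address is reported even when it equals the VPN gateway address; a comment such as `/* PTP may equal the external gateway; route handling is left to NetworkManager */` would record that this is intentional. nm_ip_up starts in the previous hunk and continues past this one.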
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/NetworkManager-l2tp-1.20.6/src/nm-l2tp-service.c
new/NetworkManager-l2tp-1.20.8/src/nm-l2tp-service.c
--- old/NetworkManager-l2tp-1.20.6/src/nm-l2tp-service.c 2022-10-28
12:47:58.000000000 +0200
+++ new/NetworkManager-l2tp-1.20.8/src/nm-l2tp-service.c 2022-12-26
03:39:07.000000000 +0100
@@ -600,6 +600,7 @@
gboolean use_ephemeral_port;
gboolean use_ikev2;
gboolean tls_need_password;
+ gboolean is_local_set = FALSE;
g_autofree char * pwd_base64 = NULL;
const char * tls_key_filename = NULL;
const char * tls_cert_filename = NULL;
@@ -665,7 +666,6 @@
value = nm_setting_vpn_get_data_item(s_vpn, NM_L2TP_KEY_USER_AUTH_TYPE);
if (nm_streq0(value, NM_L2TP_AUTHTYPE_TLS)) {
priv->user_authtype = TLS_AUTH;
- crypto_init_openssl();
}
/**
@@ -680,7 +680,6 @@
tls_key_filename = nm_setting_vpn_get_data_item(s_vpn,
NM_L2TP_KEY_MACHINE_KEY);
tls_cert_filename = nm_setting_vpn_get_data_item(s_vpn,
NM_L2TP_KEY_MACHINE_CERT);
tls_ca_filename = nm_setting_vpn_get_data_item(s_vpn,
NM_L2TP_KEY_MACHINE_CA);
- crypto_init_openssl();
}
if (priv->ipsec_daemon == NM_L2TP_IPSEC_DAEMON_STRONGSWAN
@@ -702,7 +701,6 @@
if (!has_include_ipsec_secrets(ipsec_secrets_file)) {
fd = open(ipsec_secrets_file, O_CREAT | O_WRONLY,
S_IRUSR | S_IWUSR);
if (fd == -1) {
- crypto_deinit_openssl();
errsv = errno;
snprintf(errorbuf,
sizeof(errorbuf),
@@ -713,7 +711,6 @@
}
fp = fdopen(fd, "a");
if (fp == NULL) {
- crypto_deinit_openssl();
snprintf(errorbuf,
sizeof(errorbuf),
_("Could not append \"include
ipsec.d/ipsec.nm-l2tp.secrets\" "
@@ -736,7 +733,6 @@
sizeof(errorbuf),
_("Could not write %s/ipsec.nm-l2tp.secrets"),
ipsec_conf_dir);
- crypto_deinit_openssl();
return nm_l2tp_ipsec_error(error, errorbuf);
}
@@ -771,14 +767,12 @@
} else { /* TLS_AUTH */
if (!tls_key_filename) {
close(fd);
- crypto_deinit_openssl();
return nm_l2tp_ipsec_error(error, _("Machine private key
file not supplied"));
}
tls_key_fileformat =
crypto_file_format(tls_key_filename, &tls_need_password,
&config_error);
if (config_error) {
close(fd);
- crypto_deinit_openssl();
g_propagate_error(error, config_error);
return FALSE;
}
@@ -793,23 +787,6 @@
write_config_option(fd, ": PKCS8");
break;
- case NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_PEM:
- write_config_option(fd, ": RSA");
- break;
-
- case NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_PEM:
- /* strongSwan no longer supports DSA,
- we let strongSwan produce an error message */
- write_config_option(fd, ": DSA");
- break;
-
- case NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_PEM:
- write_config_option(fd, ": ECDSA");
- break;
-
default:
write_config_option(fd, ": RSA");
}
@@ -836,7 +813,6 @@
crypto_init_nss(NM_IPSEC_NSS_DIR, &config_error);
if (config_error) {
close(fd);
- crypto_deinit_openssl();
g_propagate_error(error, config_error);
return FALSE;
}
@@ -844,7 +820,6 @@
if (config_error) {
close(fd);
crypto_deinit_nss(NULL);
- crypto_deinit_openssl();
g_propagate_error(error, config_error);
return FALSE;
}
@@ -866,7 +841,6 @@
}
if (config_error) {
crypto_deinit_nss(NULL);
- crypto_deinit_openssl();
g_propagate_error(error, config_error);
return FALSE;
}
@@ -874,7 +848,6 @@
g_byte_array_free(p12_array, TRUE);
if (config_error) {
crypto_deinit_nss(NULL);
- crypto_deinit_openssl();
g_propagate_error(error, config_error);
return FALSE;
}
@@ -888,7 +861,6 @@
fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR |
S_IWUSR);
g_free(filename);
if (fd == -1) {
- crypto_deinit_openssl();
return nm_l2tp_ipsec_error(error, _("Could not write ipsec
config"));
}
@@ -916,7 +888,6 @@
tls_ca_fileformat = crypto_file_format(tls_ca_filename, NULL,
&config_error);
if (config_error) {
close(fd);
- crypto_deinit_openssl();
g_propagate_error(error, config_error);
return FALSE;
}
@@ -965,7 +936,6 @@
&config_error);
if (config_error) {
close(fd);
- crypto_deinit_openssl();
g_propagate_error(error, config_error);
return FALSE;
}
@@ -979,7 +949,6 @@
} else {
if (!tls_key_filename) {
close(fd);
- crypto_deinit_openssl();
return nm_l2tp_ipsec_error(error, _("Machine certificate
file not supplied"));
}
write_config_option(fd, " leftcert=\"%s\"\n",
tls_cert_filename);
@@ -1093,7 +1062,6 @@
g_free(filename);
if (fd == -1) {
- crypto_deinit_openssl();
return nm_l2tp_ipsec_error(error, _("Could not write kl2tpd
config."));
}
@@ -1113,7 +1081,6 @@
g_free(filename);
if (fd == -1) {
- crypto_deinit_openssl();
return nm_l2tp_ipsec_error(error, _("Could not write xl2tpd
config."));
}
@@ -1155,7 +1122,6 @@
g_free(filename);
if (fd == -1) {
- crypto_deinit_openssl();
return nm_l2tp_ipsec_error(error, _("Could not write ppp options."));
}
@@ -1164,19 +1130,59 @@
write_config_option(fd, "ipparam nm-l2tp-service-%s\n", priv->uuid);
- /* pass gateway IP address to nm-l2tp-pppd-plugin via
ipcp_wantoptions[0].hisaddr,
- but let pppd use the remote IP address being offered by the peer using
IPCP */
- write_config_option(fd, ":%s\n", priv->saddr);
- write_config_option(fd, "ipcp-accept-remote\n");
-
write_config_option(fd, "nodetach\n");
+ /* Any IPv4 configuration options */
s_ip4 = nm_connection_get_setting_ip4_config(priv->connection);
- if (!nm_setting_ip_config_get_ignore_auto_dns(s_ip4)) {
- write_config_option(fd, "usepeerdns\n");
+ if (s_ip4) {
+
+ value = nm_setting_ip_config_get_method (s_ip4);
+ if (nm_streq0(value, NM_SETTING_IP4_CONFIG_METHOD_MANUAL)) {
+ const char *ipv4_str = NULL;
+ const char *gway_str = NULL;
+ const char *mask_str = NULL;
+ char buf[NM_UTILS_INET_ADDRSTRLEN];
+ NMIPAddress *ipv4 = NULL;
+
+ /* If <local:remote> is specified, the IPCP negotiation will fail
unless
+ * - ipcp-accept-local, and/or
+ * - ipcp-accept-remote
+ * is specified. That depends on the server, but in any case allow
it.
+ *
+ * The "manual" option is really just a suggestion. "auto" is the
default.
+ */
+ ipv4 = nm_setting_ip_config_get_address(s_ip4, 0);
+ if (ipv4) {
+ int prefix = nm_ip_address_get_prefix(ipv4);
+ ipv4_str = nm_ip_address_get_address(ipv4);
+ mask_str =
nm_utils_inet4_ntop(nm_utils_ip4_prefix_to_netmask(prefix), buf);
+
+ gway_str = nm_setting_ip_config_get_gateway(s_ip4);
+ if (ipv4_str && gway_str) {
+ write_config_option(fd, "%s:%s\n", ipv4_str, gway_str);
+ if (mask_str) {
+ write_config_option(fd, "netmask %s\n", mask_str);
+ }
+ write_config_option(fd, "ipcp-accept-local\n");
+ write_config_option(fd, "ipcp-accept-remote\n");
+ is_local_set = TRUE;
+ }
+ }
+ }
+ if (nm_streq (value, NM_SETTING_IP4_CONFIG_METHOD_DISABLED)) {
+ write_config_option(fd, "noip\n");
+ } else {
+ if (!nm_setting_ip_config_get_ignore_auto_dns(s_ip4)) {
+ write_config_option(fd, "usepeerdns\n");
+ }
+ }
+ }
+
+ if (!is_local_set) {
+ write_config_option(fd, "noipdefault\n");
}
+ is_local_set = FALSE;
- write_config_option(fd, "noipdefault\n");
write_config_option(fd, "nodefaultroute\n");
/* Don't need to auth the L2TP server */
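Review bot: `nm_streq (value, NM_SETTING_IP4_CONFIG_METHOD_DISABLED)` compares without a NULL check, while the test a few lines above uses `nm_streq0` on the same `value`; if `nm_setting_ip_config_get_method()` can return NULL for this connection, the second comparison dereferences it, so `if (nm_streq0(value, NM_SETTING_IP4_CONFIG_METHOD_DISABLED)) {` is the safer form. `ipv4_str` and `gway_str` are written verbatim into the pppd options file with `"%s:%s\n"`; whether the connection has been verified before this point is not visible here, so parsing the gateway as an IPv4 address before writing it would keep a malformed setting out of that file. `if (mask_str)` looks always true, since as far as I know `nm_utils_inet4_ntop()` returns the buffer it was given, and the trailing `is_local_set = FALSE;` has no visible reader. The enclosing function starts and ends outside the hunk.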
@@ -1202,7 +1208,6 @@
tls_key_fileformat = crypto_file_format(tls_key_filename,
&tls_need_password, error);
if (*error) {
close(fd);
- crypto_deinit_openssl();
return FALSE;
}
if (tls_need_password)
@@ -1225,19 +1230,14 @@
error);
if (*error) {
close(fd);
- crypto_deinit_openssl();
return FALSE;
}
} else {
switch (tls_key_fileformat) {
case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS8_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_DER:
crypto_pkey_der_to_pem_file(tls_key_filename, value,
tls_key_out_filename, error);
if (*error) {
close(fd);
- crypto_deinit_openssl();
return FALSE;
}
break;
@@ -1250,14 +1250,12 @@
tls_cert_fileformat = crypto_file_format(tls_cert_filename, NULL,
error);
if (*error) {
close(fd);
- crypto_deinit_openssl();
return FALSE;
}
if (tls_cert_fileformat == NM_L2TP_CRYPTO_FILE_FORMAT_X509_DER) {
crypto_x509_der_to_pem_file(tls_cert_filename,
tls_cert_out_filename, error);
if (*error) {
close(fd);
- crypto_deinit_openssl();
return FALSE;
}
} else {
@@ -1269,14 +1267,12 @@
tls_ca_fileformat = crypto_file_format(tls_ca_filename, NULL,
error);
if (*error) {
close(fd);
- crypto_deinit_openssl();
return FALSE;
}
if (tls_ca_fileformat == NM_L2TP_CRYPTO_FILE_FORMAT_X509_DER) {
crypto_x509_der_to_pem_file(tls_ca_filename,
tls_ca_out_filename, error);
if (*error) {
close(fd);
- crypto_deinit_openssl();
return FALSE;
}
} else {
@@ -1379,7 +1375,6 @@
}
close(fd);
- crypto_deinit_openssl();
return TRUE;
}
@@ -1701,9 +1696,6 @@
switch (tls_key_fileformat) {
case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS12:
case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS8_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_DER:
- case NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_DER:
key_filename = g_strdup_printf(RUNSTATEDIR "/nm-l2tp-%s/key.pem",
priv->uuid);
break;
@@ -2300,12 +2292,14 @@
{
NML2tpPlugin * plugin;
GMainLoop * main_loop;
- gboolean persist = FALSE;
- GOptionContext * opt_ctx = NULL;
- GError * error = NULL;
- g_autofree char *bus_name_free = NULL;
+ gboolean persist = FALSE;
+ GOptionContext * opt_ctx = NULL;
+ GError * error = NULL;
+ g_autofree char *bus_name_free = NULL;
const char * bus_name;
char sbuf[30];
+ char * l2tp_ppp_module[] = { "/sbin/modprobe", "l2tp_ppp",
NULL };
+ char * l2tp_netlink_module[] = { "/sbin/modprobe",
"l2tp_netlink", NULL };
GOptionEntry options[] = {{"persist",
0,
@@ -2383,6 +2377,24 @@
if (!persist)
g_signal_connect(plugin, "quit", G_CALLBACK(quit_mainloop), main_loop);
+ if (getenv("NM_L2TP_MODPROBE")) {
+ /* Fedora and RHEL have moved the L2TP kernel modules to the
+ * 'kernel-modules-extra' package and blacklisted all modules from
+ * the 'kernel-modules-extra' package by default.
+ * Load the L2TP modules now. Ignore errors.
+ * https://access.redhat.com/articles/3760101
+ */
+ if (!g_spawn_sync(NULL, l2tp_ppp_module, NULL, 0, NULL, NULL, NULL,
NULL, NULL, &error)) {
+ _LOGW("modprobing l2tp_ppp failed: %s", error->message);
+ g_error_free(error);
+ }
+
+ if (!g_spawn_sync(NULL, l2tp_netlink_module, NULL, 0, NULL, NULL,
NULL, NULL, NULL, &error)) {
+ _LOGW("modprobing l2tp_netlink failed: %s", error->message);
+ g_error_free(error);
+ }
+ }
+
g_main_loop_run(main_loop);
g_main_loop_unref(main_loop);
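Review bot: After the first `g_spawn_sync()` fails, `g_error_free(error)` leaves `error` pointing at freed memory, and the second call is then handed `&error` with that stale non-NULL value. GLib expects `*error` to be NULL on entry, and the second `_LOGW(... error->message)` could end up reading the freed struct. Replacing both frees with `g_clear_error(&error);` resets the pointer. A TRUE return from `g_spawn_sync()` only means the child was started; the wait-status argument is NULL, so a modprobe that runs and fails is never logged, which fits the "Ignore errors" comment but is worth stating there. main continues outside the hunk.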